The NSA's Tailored Access Operations (TAO) unit hijacked routers, servers, and other network gear before they were delivered to customers. TAO specifically targeted packages that were headed toward organizations that were marked for surveillance, although the names of these companies haven't been revealed.

The document, a newsletter that dates back to June 2010 from the head of the NSA's Access and Target development department, includes photos of the agency opening a router from Cisco and installing beacon firmware.

These types of systems, according to Ars Technica, were described as being "some of the most productive operations in TAO because the preposition access points into hard target networks around the world."

An NSA manager described the process as follows:

Here's how it works: shipments of computer network devices (servers, routers, etc,) being delivered to our targets throughout the world are intercepted. Next, they are redirected to a secret location where Tailored Access Operations/Access Operations (AO-S326) employees, with the support of the Remote Operations Center (S321), enable the installation of beacon implants directly into our targets' electronic devices. These devices are then re-packaged and placed back into transit to the original destination. All of this happens with the support of Intelligence Community partners and the technical wizards in TAO.

This isn't the first time we've heard reports that the NSA had been intercepting packages. Back in December, Der Spiegel reported that the NSA collaborated with the CIA and FBI to routinely intercept packages containing laptops and computer accessories to insert bugs before they reach their destination. The packages would then be redirected to the TAO unit's own workshops, where they would install software that could give them remote access to those electronics.